Password File

Security Considerations

The password is never sent in plain text over the wire. The authentication modes that require the password to be sent to the server unhashed (sys: pam and win32) will refuse to run without Encryption.

When used over TCP sockets, password authentication is vulnerable to man-in-the-middle attacks, where an attacker could intercept the initial exchange and use the stolen authentication challenge response to access the session. Encryption prevents that.

The client does not verify the authenticity of the server; Encryption does.
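
The first two points above, modelled as an added example (not the project's own code or wire format): a challenge-response check keeps the password off the wire and rejects replays, but the response is not bound to the connection that delivers it. The HMAC-SHA256 construction, the function names and the sample password are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample credential, for illustration only.
PASSWORD = b"correct horse battery staple"


def new_challenge() -> bytes:
    """Server side: a fresh random challenge for each connection attempt."""
    return secrets.token_bytes(32)


def respond(password: bytes, challenge: bytes) -> bytes:
    """Client side: prove knowledge of the password without sending it."""
    return hmac.new(password, challenge, hashlib.sha256).digest()


def verify(password: bytes, challenge: bytes, response: bytes) -> bool:
    """Server side: constant-time comparison against the expected digest."""
    return hmac.compare_digest(respond(password, challenge), response)


def relayed_login(password: bytes) -> dict:
    """Model an unencrypted TCP path where an intermediary forwards both messages.

    Reports what crossed the wire and how the server judged each response.
    """
    challenge = new_challenge()               # server -> intermediary -> client
    response = respond(password, challenge)   # client -> intermediary -> server
    seen = challenge + response               # everything visible on the wire
    return {
        # Only the challenge and the digest travel, never the password itself.
        "password_on_wire": password in seen,
        # Nothing in the response ties it to the connection it arrived on,
        # so the server cannot tell who delivered it.
        "server_accepts_forwarded": verify(password, challenge, response),
        # A captured response fails against any later, different challenge.
        "replay_accepted": verify(password, new_challenge(), response),
    }


if __name__ == "__main__":
    for check, result in relayed_login(PASSWORD).items():
        print(f"{check}: {result}")
```

Closing the gap shown by `server_accepts_forwarded` requires an encrypted, server-authenticated channel, which is what the last two points on this page rely on Encryption for.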